CDC – founded in 2007 as Canberra Data Centres and valued at more than $7bn – has been expanding as more companies look to house their data onshore rather than cheaper locations overseas.

It opened a $1.5bn data centre at Eastern Creek in December and CDC chief executive Greg Boorer told The Weekend Australian the company would spend $1bn on the site to make it one of the biggest in the southern hemisphere.

“Every cloud has a ground. For all the services that keep the country moving and that people enjoy on their phones and different things, they live somewhere and they live in data centres,” he said.

“The (Covid-19) recovery is to a large degree being technology led and every single country is focused on data sovereignty.

“It would be horrible to contemplate a critical system that the government requires to keep citizens safe – health data or something like that – and it’s located in a different country and there is a denial of service from that country. It could be incredibly problematic.”

CDC has been spending about $1bn annually on new centres in the past two years as it lifts the number of facilities from 13 to 20.

“The increasing number and sophistication of attacks and threats have brought data security to the top of national and organisational risks and, with it, an unprecedented focus on ensuring the very foundations of digital infrastructure are fit for purpose,” Mr Boorer said, adding that some big companies still hold their data in office building rather than purpose-built secure facilities.

“We’ve come from an odd place in that we started working with the government first and not the commercial sector, so we have grown up with really strict rules on compliance, a focus on security.

“With the most recent challenges, the entire digital economy has kind of moved in our direction, rather than to a lower security or a low availability preference.”

But, as hi-tech and secure as CDC and its rivals’ data centres are, Mr Boorer said they cannot completely fend off Optus or Medibank-style data attacks, saying it was a 50/50 responsibility.

“The security that modern world-class data centres offer goes a long way to protecting the data, because the availability of these systems is equally as important as the security,” he said.

“It’s equally damaging to a Medibank or an Optus if their systems aren’t available and the data isn’t available.

“But none of these things will protect data unless there is a holistic approach to security, all the way through the technology stack.”

Mr Boorer said while data centre providers could safeguard their facilities from hackers and suspicious activity, it was a company’s responsibility to secure their networks from cyber threats.

For example, the criminal behind the Medibank data hack purchased login credentials to gain access to the network from a Russian forum and did extensive reconnaissance before collecting the data.

After failing to gain a ransom, the hackers released the records, including treatment for drug and alcohol abuse, various mental health conditions and abortions.

Mr Boorer expected CDC’s total capacity to exceed 700MW in the year ahead. The 13 data centres it operates are spread across six locations in Canberra, Sydney and Auckland. Construction is under way on a new site in Melbourne.

Other investors in CDC include the Commonwealth Superannuation Corporation, and New Zealand group Infratil. CDC management owns about 5 per cent of the business. This month, Infratil valued its 48.1 per cent stake in CDC at $2.97bn to $3.6bn, with a midpoint of $3.2bn. This compared with a midpoint valuation of $2.88bn last September.

“CDC completed a review of its capital structure, extending the size and tenor of its bank facilities via a refinancing of its existing debt with materially improved pricing and terms and undertaking its first debt raise in the US Private Placement market,” Infratil said.

“The capital structure review has provided greater confidence in CDC’s growth funding options as it continues to expand its footprint and add further capacity to its offering.

“In November, CDC officially opened two state-of-the-art hyperscale data centres in Auckland, New Zealand. CDC has also acquired … land in Auckland to enable the construction of additional facilities, underpinned by strong customer demand.

“The valuation also reflects that CDC announced that it is expanding its Eastern Creek data centre campus in Sydney.

“The campus already houses four data centres, delivering a combined capacity of 123MW, with construction of two more data centres to commence in 2023 to add a further 108MW of capacity.”

More related stories

Property

Generation of boomers to drive up waterfront house prices

McGrath CEO’s latest report suggests sea-change seekers are driving up prices in coastal towns as a generation accesses super and makes plans for their golden years.

Read more

Aviation

Qantas counting on positive changes to win over shareholders

The airline is hopeful a record share price and new chairman will ensure a less fiery AGM than last year’s disastrous affair.

Read more